Dear Scott,

In your mail, you haven't specified what MTA (on Linux) you are using for
relay and the mail server to which the mails are delivered. I'm giving
an example setup using postfix as relay and exchange 2000 as the final
destination.

First, configure postfix as shown below.
Second, configure exchange to use postfix SMTP for outgoing mails and
disable receiving mails directly from the internet.
Third, test the setup for both incoming and outgoing mails.
Fourth, install openprotect on the postfix relay server.

Postfix Configuration
------------------------------

myorigin - domain mail from this machine appears to come from.

    postconf -e "myorigin = domain1.com"

Obviously, in the above, and all the following commands, replace example
parameters, like "domain1.com", with your own specific values.

myhostname - the fully-qualified domain name ("FQDN") of the machine
running the Postfix system.

    postconf -e "myhostname = mail.domain1.com"

mydestination - specifies for which domains this machine will accept
mail (from the outside, i.e., from the Internet). List here ONLY domains
for which you are responsible for accepting mail. Separate them with commas.

    postconf -e "mydestination = domain1.com, domain2.com"

...don't forget to change to your value(s)!!

mynetworks - the machines I trust, and will relay mail for, to any
destination. Generally, this is set to my LAN, or just one, or a few
trusted internal mail servers. This is an important one to get right, or
else you can become an "open relay". In other words, your box could
accept and forward mail to domains for which it has no business doing
so. Being an "open relay" is a serious issue, and can cause you to get
"blacklisted" by various Internet anti-spam lists, among other problems.

    postconf -e "mynetworks = x.x.x.x/32"

(where x.x.x.x is the IP address of a specific machine)

If you will be dealing with multiple internal mail servers, and/or want
to allow several machines and/or subnets to relay through this server
(careful!!), just add them to this parameter in CIDR format, like this:

Alternate to the last command:

    postconf -e "mynetworks = 172.20.32.5/32, 10.0.0.0/16, 172.20.16.0/24"

(the above will allow the machine 172.20.32.5, and any machines that
have an IP address starting with 10.0, or 172.20.16, to relay smtp mail
through this box)

biff - we won't use biff notifications (don't ask)

    postconf -e "biff = no"

smtpd_banner - what this server calls itself, when talking with other
mail servers (keep identification info to a minimum, but conform to
RFCs.). If you want to respect other mail servers that require a valid
reverse-lookup address for all connecting mail servers, use a hostname
that has a reverse lookup on the Net!

    postconf -e "smtpd_banner = mail.domain1.com"

message_size_limit - maximum size email that postfix will let in the
"front door"

    postconf -e "message_size_limit = 1000000000"

(The above allows emails up to 1GB)

local_transport - give an error message for local delivery attempts.

    postconf -e "local_transport = error:no local mail delivery"

local_recipient_maps - don't try to determine valid email recipients

In our situation, the postfix server will have no idea if we have a
[EMAIL PROTECTED] or a [EMAIL PROTECTED], etc. It doesn't have any such
lists to check against! We could fix this, but it is far easier to just
ignore this problem. If mail comes in to a recipient that I don't have,
postfix will process it and transport it on to the internal mail server,
which will promptly reject it and will attempt to do the NDR
(non-delivery report) to the stated sender email address. There are
other potential solutions here, but I will only cover this simple
configuration, which works fine. So we'll just set this value to nothing:

    postconf -e "local_recipient_maps = "

transport_maps - tells postfix where to look for a transport file. That
tells it where to forward valid mail for our internal domains. Our file
will be /etc/postfix/transport. (No, postfix admins, we won't use the
"relay_domains" parameter for this - see the problem described at
http://www.postfix.org/faq.html#firewall if you need details. Also the
section just above in that web page discusses using a transport table.)

    postconf -e "transport_maps = hash:/etc/postfix/transport"

/etc/postfix/transport - now we'll leave the main.cf file for a bit and
go to the file we just mentioned above: the "transport" file, which is
what postfix will check for redirection or relaying of mail addressed to
particular domains. In our case, all inbound mail will be relayed on to
other mail servers:

    vi /etc/postfix/transport

(and edit file as per below:)

Read the text in this doc as you please, to understand better, then
scroll down to the bottom of the file (actually doesn't make any
difference WHERE in the file you do this):
add 1 new line for each domain for which you will be handling mail,
similar to the example below
(but of course replace domain#.com with your domain(s) and x.x.x.x and
y.y.y.y with the IP address of the mail server(s) that are the final
destination(s) for their respective domains) - like this (remember, use
the key "i" to begin inserting in vi):

domain1.com    smtp:[x.x.x.x]
domain2.com    smtp:[y.y.y.y]

(DO include the brackets on these lines!)

* These lines tell postfix to transport any mail addressed to recipients
in domain#.com to the mail servers at the IP address(es) specified (i.e.
your internal mail server(s)), using the smtp protocol. The format is
exacting, get every symbol correct and leave some white space between
the domains and the "smtp" part.

* Note: any time you make a change to this file, you must create a
special version of it for postfix to read, by running the postmap
command (postfix doesn't actually read the text version we work in, it
makes another, faster file for its use):

    postmap /etc/postfix/transport

Restart postfix using:

    /etc/init.d/postfix restart

Exchange 2000 configuration
------------------------------------------

The above setup scans all incoming mails. To scan outgoing mails,

1) Using the Exchange System Manager, drill down to your outgoing
server's SMTP Protocol. Right Click on the Default SMTP Virtual Server
and select Properties.

2) On the Delivery tab, click on Advanced Delivery, and enter your
outgoing SMTP (postfix) relay server for your mail account.

3) If you are running an internal Exchange server with Outlook clients,
you not only have to SmartHost your Virtual Servers, but also your
Exchange Internet Mail Service Connector. Bring up the properties, and
enter your SMTP Smart Host in the "Forward all mail through this
connector to the following smart hosts" text box.

cheers,
Ganesh, KM.

> Hello,
>
> Are there any docs involving setting up an smtp proxy, or relay server? I
> have installed the software, it seems to be humming along just fine, I just
> need to tell the server to send all mail, after scanning to my actual email
> servers. Any help would be much appreciated.
>
> TIA,
>
> Scott
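
Added example, not part of the original message: a check for the mynetworks caution in the Postfix section, flagging entries whose mask trusts more than was meant before the relay goes live. It takes the text printed by `postconf -h mynetworks`; the sample value, the /16 breadth threshold and the function name are assumptions made here.

```python
import ipaddress

# RFC 1918 private ranges plus loopback: what an internal relay normally trusts.
TRUSTED_SPACE = [ipaddress.IPv4Network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 16  # assumption: anything wider than a /16 deserves a second look

# Constructed sample with a mask typo in the last entry (/8 where /24 was meant).
SAMPLE = "172.20.32.5/32, 10.0.0.0/16, 172.20.16.0/8"


def audit_mynetworks(value):
    """Return (entry, problem) pairs for a mynetworks value.

    Only literal IPv4 CIDR entries are checked; file names and
    type:table lookups are reported as not audited.
    """
    findings = []
    for entry in value.replace(",", " ").split():
        try:
            iface = ipaddress.IPv4Interface(entry)
        except ValueError:
            findings.append((entry, "not an IPv4 CIDR entry, not audited"))
            continue
        net = iface.network
        # Address bits beyond the prefix mean the mask is shorter than intended.
        if iface.ip != net.network_address:
            findings.append((entry, f"host bits set; the mask really covers {net}"))
        # Trusting routable space lets outside hosts relay through this box.
        if not any(net.subnet_of(r) for r in TRUSTED_SPACE):
            findings.append((entry, f"{net} reaches outside private address space"))
        if net.prefixlen < MIN_PREFIX:
            findings.append(
                (entry, f"/{net.prefixlen} trusts {net.num_addresses} addresses"))
    return findings


if __name__ == "__main__":
    for entry, problem in audit_mynetworks(SAMPLE):
        print(f"{entry}: {problem}")
```

An empty result means every entry is an aligned, private network no wider than the threshold; it does not replace testing from an outside host that relaying to foreign domains is refused.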